CVE-2026-8700

EUVD-2026-30666
Crypt::DSA versions before 1.20 for Perl generate seeds using rand.

Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Debian logo
Debian Releases
Debian Product
Codename
libcrypt-dsa-perl
bookworm
ignored
bullseye
ignored
trixie
ignored
Common Weakness Enumeration
References
https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/changes
https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/diff/TIMLEGGE/Crypt-DSA-1.19#lib/Crypt/DSA/KeyChain.pm
http://www.openwall.com/lists/oss-security/2026/05/15/26